How Strong is My Password?

March 11, 2019

The Importance of Secure Logins

One would hope that the days of “abc123” and “pa$$word” passwords are of the past.

But while the majority of users don’t fall under such blatant disregard for personal security, there is still a large percentage of people who don’t do their due diligence in creating and maintaining strong passwords. Some of this is caused by negligence; other of it is due to laziness. In fact, according to McAfee, research shows that, while 46% of polled respondents say that their main concern is security strength…

34% are most concerned with the ease of remembering their passwords

37% still track their passwords the old-fashioned way (pen and paper)

34% reuse passwords across multiple accounts

59% admit to being willing to share their passwords with others

We believe that the lion’s share of this behavior is because of a fundamental lack of understanding—many users do not understand what is at stake for them personally and for the ones they love. The critical question of, “How strong is my password” may never occur to them with each new login.

The Hackable Age

As the recent Facebook hacks have proven, even the largest corporations struggle to keep their networks secure, especially when they don’t stay on top of their own security protocols.

According to Chief Security Officer magazine, cybercrime damages are expected to hit the $6 trillion mark by2021, up from the $3.5 trillion recorded in 2015. Verizon’s 2018 Global Data Breach report reveals that 17% of breaches in 2017 happened due to “unpatched systems, unprotected confidential data, misconfigured we servers”—also know as human error. Verizon also reported that 60% of those breaches were launched on smaller businesses due to the likelihood of smaller IT budgets, less equipped security teams, and weaker cyber defenses. Sometimes the largest breaches come down to the smallest details—including the seemingly insignificant Gmail, Drive, and Facebook logins.

Think about the passwords you have for your social media accounts, streaming sites, banking portals, and other work-related platforms. Although some are used for pleasure, some for mundane life, and others for productivity, you need to treat each password with the same gravity and concern.

Let’s take a deep dive and definitively answer the question: “How strong is my password?”

Adding a Few More Characters Makes a Monumental Difference

According to Richard Boyd, a senior researcher at Georgia Tech Research Institute, “Eight-character passwords are insufficient now,” and users should consider twelve-character passwords instead as the bare minimum.

This is because researchers at the Institute have been running password tests for several years now, specifically using clusters of PCs with high-powered graphics cards to run hacking software against example passwords. They found that it takes less than two hours to crack most eight-character passwords while the same methodology applied to twelve-character passwords would take more than 17,000 years to crack.

Even if you spend exorbitant time making your eight-character password look like gibberish or like comic book swear words, your time is better spent simply adding four extra characters to your original eight.

Length + Complexity = Strength

While length is the most important factor to consider, you shouldn’t sacrifice complexity for that added length.

Even if you used “supercalifragilisticexpialidocious” as your password, those 34 characters are so culturally recognizable that your password will be hacked in mere seconds (even in the face of a simple dictionary-based attack).

Moreover, never use only numbers or only words. It helps tremendously to venture beyond the 26 characters afforded you by the alphabet—you have 96 unique characters available to you on your QWERTY keyboards, so make use of them. Consider the exponential variables by those seventy extra characters, making it that much more difficult for hackers to use brute force attacks to hack your accounts. Using upper and lower case letters adds even more to the hacking difficulty.

Relieving the Memory Burden

Obviously, password sticky notes on computer monitors are convenient for the user—but they’re also convenient for would-be hackers.

However, it is difficult to come up with unique logins for each account you have and remember them all, especially now that we’re asking you to add more characters and diversify your usage of letters, numbers, and symbols. Mnemonic devices are encouraged, of course, but you should make these without relying on overly personal data, like:

Telephone numbers

Zip codes

Pets’ names

Family members’ names

Birth dates, etc.

One proven method is to create customized acronyms and corresponding association phrases (i.e. Diceware passwords) that are unique to you (we don’t need to explain why “My dear Aunt Sally” is a no go here). For more tips on this practice, check out NIST’s recommendations.

But, if we’re going to be completely honest, the most effective mnemonic device is to not have to remember your passwords at all. Use a credible password manager to alleviate the memory burden—you will be more likely to create longer, more complex passwords if you aren’t afraid of losing them in the ether or your mind. While we don’t have a company-specific manager to promote, the following are sites that our employees use personally:

The most secure of these will require a monthly or annual fee, but before you decide on a cheaper third-party app, be sure to do your research. As with any application that you leverage, be sure that you understand the data security ramifications and terms and agreements before you begin inputting all of your critical login data.

So, How Strong is My Password Now?

Security starts with the individual, but your behavior affects the masses.

The important thing to remember is that your cybersecurity isn’t just about you as a single user; your security practices ultimately influence your coworkers, your family, and your neighbors. Breaches that start with just a handful of compromised accounts can grow to affect millions of lives.

So, help us get the word out. Generate longer, stronger passwords across all of your accounts, and encourage everyone you know to do the same.